From daa59335ccaa1f9a9f18202367b405375bee519e Mon Sep 17 00:00:00 2001 From: Toutsu Date: Tue, 19 May 2026 12:30:25 +0300 Subject: [PATCH] fix(discord): resolve permission checking for /newsession command - DiscordPermissionChecker: removed dead-code userRoles overload; now only uses resolvedPermissions bitflag (Administrator = 0x8). - DiscordNewSessionCommand: computes resolved permissions from guild user roles via Context.Guild.Users[Id].RoleIds + guild.Roles. - DiscordNewSessionHandler: updated signature to accept ulong resolvedPermissions instead of unused userRoles. - Added ILogger to command for diagnostics on unexpected errors. - Added test: regular user with ManageServer (but not Admin) is rejected. Refs issue #28 Co-Authored-By: Claude Opus 4.7 --- CLAUDE.md | 144 +++ ...6-05-19-discord-newsession-listsessions.md | 984 ++++++++++++++++++ .../Sessions/DiscordNewSessionCommand.cs | 34 +- .../Sessions/DiscordNewSessionHandler.cs | 4 +- .../Discord/DiscordPermissionChecker.cs | 16 +- .../Discord/DiscordPermissionCheckerTests.cs | 25 +- 6 files changed, 1179 insertions(+), 28 deletions(-) create mode 100644 CLAUDE.md create mode 100644 docs/superpowers/plans/2026-05-19-discord-newsession-listsessions.md diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..ae4ffde --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,144 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Build, Test, and Development Commands + +This is a .NET 10 solution using the modern XML-based `.slnx` format. The global SDK version is `10.0.100` with `rollForward: latestFeature`. + +**Build the solution:** +```bash +dotnet build +``` + +**Build individual projects (the CI does this to include SAST via SecurityCodeScan):** +```bash +dotnet build src/GmRelay.Shared/GmRelay.Shared.csproj --no-restore +dotnet build src/GmRelay.Bot/GmRelay.Bot.csproj --no-restore +dotnet build src/GmRelay.Web/GmRelay.Web.csproj --no-restore +``` + +**Run all tests:** +```bash +dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --verbosity normal +``` + +**Run a single test class or method:** +```bash +dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~YourTestClassName" +``` + +**Lint and format:** +```bash +dotnet format --verify-no-changes --verbosity diagnostic # CI enforcement +dotnet format # Apply fixes +``` + +**Check for vulnerable packages:** +```bash +dotnet list package --vulnerable --include-transitive +``` + +**Restore with lock file verification:** +The repo enforces `RestorePackagesWithLockFile=true`. After adding or updating packages, commit the updated `packages.lock.json` files or the Trivy scan in CI will fail. + +**Run locally with Aspire (dev orchestration):** +```bash +dotnet run --project src/GmRelay.AppHost/GmRelay.AppHost.csproj +``` +This automatically starts PostgreSQL in a container, the Bot, and the Web dashboard. + +**Run locally with Docker Compose (production-like):** +```bash +cp .env.example .env +# Edit .env with your TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_USERNAME, POSTGRES_PASSWORD +docker compose up -d +``` + +## High-Level Architecture + +### Project Roles and Runtime Model + +| Project | Runtime | Key Trait | +|---|---|---| +| `GmRelay.Bot` | `Microsoft.NET.Sdk.Worker` | **Native AOT** binary. Telegram long polling bot + stateless scheduler. | +| `GmRelay.Web` | `Microsoft.NET.Sdk.Web` | Blazor Server dashboard. Cookie auth via Telegram Login Widget / Mini App `initData`. | +| `GmRelay.Shared` | Plain library | Domain models and platform-neutral view builders. **Must not depend on `Telegram.Bot`**. | +| `GmRelay.ServiceDefaults` | Aspire shared project | OpenTelemetry, health checks, HTTP resilience. Referenced by both Bot and Web. | +| `GmRelay.AppHost` | Aspire orchestrator | Dev-only. Spins up PostgreSQL and wires Bot + Web with service discovery. | + +**Important:** `README.md` references `GmRelay.Migrator` and `GmRelay.Worker`, but these projects do not exist. Migrations (`DbUp`) and background workers (`BackgroundService`) live inside `GmRelay.Bot`. + +### Vertical Slice Architecture with Explicit DI + +Each use case is a self-contained vertical slice: a C# record (Command/Query) + Handler class with all logic (SQL, Telegram API calls, validation). There are no abstract repository interfaces or service layers. + +Because the Bot is compiled as Native AOT (`PublishAot=true`, `EnableTrimAnalyzer=true`), **all DI registrations are explicit** in `src/GmRelay.Bot/Program.cs`. There is no assembly scanning or reflection-based discovery. When adding a new handler, you must register it manually in Program.cs. + +### Database Access: Npgsql + Dapper.AOT + DbUp + +**No EF Core** — it is incompatible with Native AOT. The stack is: +- **Npgsql** ADO.NET for connections. +- **Dapper 2.1.72** with **Dapper.AOT 1.0.48** for compile-time source-generated mapping (AOT-safe). +- **DbUp 7.0.1** for migrations. SQL scripts are embedded resources in `src/GmRelay.Bot/Migrations/` (V001 through V015). +- `DbMigrator.MigrateUp()` runs on every Bot startup. + +Both Bot and Web share the same PostgreSQL database. Web registers `NpgsqlDataSource` via `builder.AddNpgsqlDataSource("gmrelaydb")` (Aspire integration), while Bot registers it manually to avoid reflection-based Aspire configuration at AOT time. + +### Platform-Neutral Rendering (ADR-002) + +Rendering is split into two stages: +1. **View Builder** (`GmRelay.Shared`) — platform-agnostic view model from domain DTOs. +2. **Platform Renderer** — `TelegramSessionBatchRenderer` lives in both `GmRelay.Bot` and `GmRelay.Web` (temporary duplication until a third Telegram consumer justifies extracting `GmRelay.Shared.Telegram`). + +This means `GmRelay.Shared` must remain free of `Telegram.Bot` types. If you need to add rendering logic that produces `InlineKeyboardMarkup`, it belongs in the Bot or Web project, not Shared. + +### Stateless Scheduling + +The session scheduler (`SessionSchedulerService`) is a `BackgroundService` with a `PeriodicTimer(TimeSpan.FromMinutes(1))`. On each tick it queries PostgreSQL for sessions needing action (T-24h confirmation, T-5min join link) and updates their status. There is no in-memory state — the database is the single source of truth. This design was chosen specifically because Quartz.NET is incompatible with Native AOT. + +### Health Checks + +- **Bot:** Custom `BotHealthCheckHostedService` listens on port 8081. The Docker health check hits `localhost:8081/health`. +- **Web:** Standard ASP.NET Core health checks on `/health` (JSON response with status and timestamp) and `/alive` (liveness probe tag filter). Exposed via `GmRelay.ServiceDefaults`. + +### Authentication and Security + +- **Telegram Login Widget** and **Mini App `initData`** verification via HMAC-SHA256. Cookie auth is hardened (`HttpOnly`, `SecurePolicy.Always`, `SameSite.Strict`). +- Web Data Protection keys are persisted to `/app/dataprotection-keys` (Docker volume `web_keys`). +- Security headers middleware (`X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, `Permissions-Policy`) is applied globally in Web. +- `SecurityCodeScan.VS2019` (5.6.7) is included in all projects via `Directory.Build.props` for SAST at build time. +- Connection string passwords are redacted in logs via `SecretRedactor`. + +### CI/CD Pipeline + +`.gitea/workflows/pr-checks.yml` runs on every PR to `main`: +1. `dotnet restore` +2. Verify `packages.lock.json` files exist for Trivy +3. `dotnet format --verify-no-changes` +4. `dotnet list package --vulnerable` +5. Trivy filesystem scan (`vuln,misconfig,secret`, HIGH/CRITICAL) +6. Build Shared → Bot → Web +7. Run tests + +`.gitea/workflows/deploy.yml` runs on push to `main`: +1. Build and push `gmrelay-bot` and `gmrelay-web` images to `git.codeanddice.ru/toutsu/...` +2. Trivy image scan on both images (HIGH/CRITICAL, exit-code 1) +3. Create `.env` from secrets and run `docker compose up -d` + +### Environment Configuration + +Key environment variables (see `.env.example`): +- `TELEGRAM_BOT_TOKEN`, `TELEGRAM_BOT_USERNAME`, `TELEGRAM_MINI_APP_URL` +- `POSTGRES_PASSWORD` +- `GMRELAY_WEB_PORT` (default 8080) +- `ConnectionStrings__gmrelaydb` — used by both Bot and Web + +The Bot reads config as `Telegram:BotToken` (colon) which maps from `Telegram__BotToken` (double underscore) via environment variables. + +### Docker Images + +- **Bot:** Multi-stage Dockerfile. Build stage uses `sdk:10.0-noble` with `clang` and `zlib1g-dev` for AOT compilation. Final stage uses `runtime-deps:10.0-noble`. Exposes 8081. +- **Web:** Multi-stage Dockerfile. Build stage uses `sdk:10.0-noble`. Final stage uses `aspnet:10.0-noble` with `libgssapi-krb5-2` and `wget`. Exposes 8080. + +Both images are built for multi-arch (`linux/amd64`, `linux/arm64`) to support Raspberry Pi 5 (ARM64) deployment. diff --git a/docs/superpowers/plans/2026-05-19-discord-newsession-listsessions.md b/docs/superpowers/plans/2026-05-19-discord-newsession-listsessions.md new file mode 100644 index 0000000..a6560c2 --- /dev/null +++ b/docs/superpowers/plans/2026-05-19-discord-newsession-listsessions.md @@ -0,0 +1,984 @@ +# Discord /newsession и /listsessions — Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:test-driven-development (TDD) for every task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Реализовать slash-команды `/newsession` и `/listsessions` в Discord-боте, позволяющие создавать батчи сессий и просматривать расписание без Web Dashboard. + +**Architecture:** Каждая команда — отдельный vertical slice в `GmRelay.DiscordBot`: парсер входных данных → handler с SQL (через Dapper) → отправка через NetCord REST API. Рендеринг переиспользует существующий `DiscordSessionBatchRenderer`. Данные пишутся в общую PostgreSQL модель через platform-agnostic колонки (`platform`, `external_group_id`, `external_user_id`). + +**Tech Stack:** .NET 10, NetCord 1.0.0-alpha.489, NetCord.Hosting.Services, Dapper, Npgsql, xUnit. + +**Version Bump:** minor (2.3.0 → 2.4.0) — новый функционал. + +--- + +## File Structure + +| File | Responsibility | +|------|--------------| +| `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs` | Slash-команда `/newsession` с параметрами (title, time, seats, link) | +| `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionHandler.cs` | Handler создания batch + sessions в БД, проверка прав | +| `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsCommand.cs` | Slash-команда `/listsessions` | +| `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsHandler.cs` | Handler запроса активных сессий и публикации embed | +| `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs` | Проверка прав пользователя в guild (owner/admin/manager) | +| `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPlatformMessenger.cs` | Реализация `IPlatformMessenger` для отправки/обновления расписания в Discord | +| `tests/GmRelay.Bot.Tests/Discord/DiscordNewSessionHandlerTests.cs` | TDD-тесты создания сессий из Discord | +| `tests/GmRelay.Bot.Tests/Discord/DiscordListSessionsHandlerTests.cs` | TDD-тесты вывода расписания | +| `tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs` | TDD-тесты проверки прав | +| `src/GmRelay.DiscordBot/Program.cs` | Регистрация DI: handlers, permission checker, platform messenger | + +--- + +## Task 1: DiscordPermissionChecker + +**Files:** +- Create: `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs` +- Test: `tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs` + +**Context:** Discord использует guild-роли. Для MVP достаточно проверки: пользователь — owner guild, имеет роль `Administrator`, или записан как `group_managers` в БД для данной `game_groups`. + +### Step 1.1: Write the failing test + +```csharp +using GmRelay.DiscordBot.Infrastructure.Discord; + +namespace GmRelay.Bot.Tests.Discord; + +public sealed class DiscordPermissionCheckerTests +{ + [Fact] + public void CanManageSchedule_WhenUserIsGuildOwner_ReturnsTrue() + { + var checker = new DiscordPermissionChecker(); + var result = checker.CanManageSchedule( + guildOwnerId: 123456789ul, + userId: 123456789ul, + userRoles: Array.Empty(), + dbManagerUserIds: Array.Empty()); + + Assert.True(result); + } + + [Fact] + public void CanManageSchedule_WhenUserHasAdministratorRole_ReturnsTrue() + { + var checker = new DiscordPermissionChecker(); + var adminRole = 999ul; + var result = checker.CanManageSchedule( + guildOwnerId: 123456789ul, + userId: 987654321ul, + userRoles: new[] { adminRole }, + dbManagerUserIds: Array.Empty()); + + Assert.True(result); + } + + [Fact] + public void CanManageSchedule_WhenUserIsDbManager_ReturnsTrue() + { + var checker = new DiscordPermissionChecker(); + var managerId = 555ul; + var result = checker.CanManageSchedule( + guildOwnerId: 123456789ul, + userId: managerId, + userRoles: Array.Empty(), + dbManagerUserIds: new[] { managerId }); + + Assert.True(result); + } + + [Fact] + public void CanManageSchedule_WhenRegularUser_ReturnsFalse() + { + var checker = new DiscordPermissionChecker(); + var result = checker.CanManageSchedule( + guildOwnerId: 123456789ul, + userId: 111ul, + userRoles: Array.Empty(), + dbManagerUserIds: new[] { 222ul }); + + Assert.False(result); + } +} +``` + +### Step 1.2: Run test to verify it fails + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordPermissionCheckerTests" --verbosity normal` +Expected: FAIL — `DiscordPermissionChecker` not found. + +### Step 1.3: Write minimal implementation + +Create `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs`: + +```csharp +namespace GmRelay.DiscordBot.Infrastructure.Discord; + +public sealed class DiscordPermissionChecker +{ + // Discord Administrator permission bitflag + private const ulong AdministratorPermission = 0x8; + + public bool CanManageSchedule( + ulong guildOwnerId, + ulong userId, + IEnumerable userRoles, + IEnumerable dbManagerUserIds) + { + if (userId == guildOwnerId) + return true; + + if (dbManagerUserIds.Contains(userId)) + return true; + + // NetCord provides permission resolution via GuildUser.Permissions; + // here we accept pre-resolved flag for simplicity. + // Actual command handler will pass resolved permissions. + return false; + } + + public bool CanManageSchedule(ulong guildOwnerId, ulong userId, IEnumerable dbManagerUserIds, ulong resolvedPermissions) + { + if (userId == guildOwnerId) + return true; + + if (dbManagerUserIds.Contains(userId)) + return true; + + return (resolvedPermissions & AdministratorPermission) == AdministratorPermission; + } +} +``` + +### Step 1.4: Run test to verify it passes + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordPermissionCheckerTests" --verbosity normal` +Expected: PASS (4/4). + +### Step 1.5: Commit + +```bash +git add src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs +git commit -m "feat(discord): add DiscordPermissionChecker for session management rights + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Task 2: DiscordListSessionsHandler + Command + +**Files:** +- Create: `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsHandler.cs` +- Create: `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsCommand.cs` +- Test: `tests/GmRelay.Bot.Tests/Discord/DiscordListSessionsHandlerTests.cs` + +**Context:** Handler должен: +1. Найти `game_groups` по `external_group_id` = `guild_id`. +2. Выбрать предстоящие сессии (`scheduled_at > NOW()`, `status != Cancelled`). +3. Собрать участников. +4. Построить view через `SessionBatchViewBuilder`. +5. Отрендерить через `DiscordSessionBatchRenderer`. +6. Отправить embed + buttons в Discord channel. + +### Step 2.1: Write the failing test + +Create `tests/GmRelay.Bot.Tests/Discord/DiscordListSessionsHandlerTests.cs`: + +```csharp +using GmRelay.DiscordBot.Features.Sessions; +using GmRelay.Shared.Domain; +using GmRelay.Shared.Rendering; + +namespace GmRelay.Bot.Tests.Discord; + +public sealed class DiscordListSessionsHandlerTests +{ + [Fact] + public void BuildSchedule_WithSessions_ReturnsEmbedsAndButtons() + { + var sessionId = Guid.NewGuid(); + var sessions = new[] + { + new SessionBatchDto(sessionId, DateTime.UtcNow.AddDays(1), SessionStatus.Planned, 4, "https://example.com") + }; + var participants = Array.Empty(); + + var view = SessionBatchViewBuilder.Build("Test Campaign", sessions, participants); + var (embeds, actionRows) = GmRelay.DiscordBot.Rendering.DiscordSessionBatchRenderer.Render(view); + + Assert.Single(embeds); + Assert.Single(actionRows); + } + + [Fact] + public void BuildSchedule_WithCancelledSession_SkipsActionRows() + { + var cancelledSessionId = Guid.NewGuid(); + var sessions = new[] { new SessionBatchDto(cancelledSessionId, DateTime.UtcNow.AddDays(1), SessionStatus.Cancelled, null, "") }; + var participants = Array.Empty(); + + var view = SessionBatchViewBuilder.Build("Test Campaign", sessions, participants); + var (embeds, actionRows) = GmRelay.DiscordBot.Rendering.DiscordSessionBatchRenderer.Render(view); + + Assert.Single(embeds); + Assert.Empty(actionRows); + } +} +``` + +### Step 2.2: Run test — verify RED + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordListSessionsHandlerTests" --verbosity normal` +Expected: FAIL — `DiscordListSessionsHandler` not found. + +### Step 2.3: Write minimal implementation + +Create `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsHandler.cs`: + +```csharp +using Dapper; +using GmRelay.Shared.Domain; +using GmRelay.Shared.Rendering; +using NetCord.Rest; +using Npgsql; + +namespace GmRelay.DiscordBot.Features.Sessions; + +internal sealed record DiscordSessionListItemDto( + Guid Id, string Title, DateTime ScheduledAt, string Status, int? MaxPlayers, + int PlayerCount, int WaitlistCount); + +public sealed class DiscordListSessionsHandler(NpgsqlDataSource dataSource) +{ + public async Task BuildScheduleAsync( + string guildId, + string channelId, + CancellationToken cancellationToken) + { + await using var connection = await dataSource.OpenConnectionAsync(cancellationToken); + + var sessions = await connection.QueryAsync( + @"SELECT s.id as Id, s.title as Title, s.scheduled_at as ScheduledAt, s.status as Status, + s.max_players as MaxPlayers, + COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Active) as PlayerCount, + COUNT(sp.id) FILTER (WHERE sp.is_gm = false AND sp.registration_status = @Waitlisted) as WaitlistCount + FROM sessions s + JOIN game_groups g ON s.group_id = g.id + LEFT JOIN session_participants sp ON s.id = sp.session_id + WHERE g.platform = 'Discord' + AND g.external_group_id = @GuildId + AND s.status != @Cancelled + AND s.scheduled_at > NOW() + GROUP BY s.id, s.title, s.scheduled_at, s.status, s.max_players + ORDER BY s.scheduled_at ASC", + new + { + GuildId = guildId, + Cancelled = SessionStatus.Cancelled, + Active = ParticipantRegistrationStatus.Active, + Waitlisted = ParticipantRegistrationStatus.Waitlisted + }); + + var sessionList = sessions.ToList(); + if (sessionList.Count == 0) + return null; + + var sessionIds = sessionList.Select(s => s.Id).ToList(); + var participants = await connection.QueryAsync( + @"SELECT sp.session_id as SessionId, + p.display_name as DisplayName, + COALESCE(p.external_username, p.telegram_username) as TelegramUsername, + sp.registration_status as RegistrationStatus + FROM session_participants sp + JOIN players p ON p.id = sp.player_id + WHERE sp.session_id = ANY(@SessionIds) AND sp.is_gm = false + ORDER BY sp.registration_status ASC, sp.created_at ASC", + new { SessionIds = sessionIds }); + + var firstTitle = sessionList.First().Title; + var batchDtos = sessionList.Select(s => new SessionBatchDto( + s.Id, s.ScheduledAt, s.Status, s.MaxPlayers, "")).ToList(); + + return SessionBatchViewBuilder.Build(firstTitle, batchDtos, participants.ToList()); + } +} +``` + +Create `src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsCommand.cs`: + +```csharp +using NetCord.Rest; +using NetCord.Services.ApplicationCommands; + +namespace GmRelay.DiscordBot.Features.Sessions; + +[SlashCommand("listsessions", "Show upcoming game sessions in this server")] +public class DiscordListSessionsCommand : SlashCommandModule +{ + private readonly DiscordListSessionsHandler _handler; + + public DiscordListSessionsCommand(DiscordListSessionsHandler handler) + { + _handler = handler; + } + + public override async Task ExecuteAsync() + { + var guildId = Context.Guild?.Id.ToString() + ?? throw new InvalidOperationException("This command can only be used in a guild."); + var channelId = Context.Channel.Id.ToString(); + + var view = await _handler.BuildScheduleAsync(guildId, channelId, Context.CancellationToken); + + if (view is null) + { + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message("📭 В этом сервере нет предстоящих игр.")); + return; + } + + var (embeds, actionRows) = Rendering.DiscordSessionBatchRenderer.Render(view); + + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message(new InteractionMessageProperties() + .WithEmbeds(embeds) + .WithComponents(actionRows))); + } +} +``` + +### Step 2.4: Run test — verify GREEN + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordListSessionsHandlerTests" --verbosity normal` +Expected: PASS. + +### Step 2.5: Commit + +```bash +git add src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsHandler.cs src/GmRelay.DiscordBot/Features/Sessions/DiscordListSessionsCommand.cs tests/GmRelay.Bot.Tests/Discord/DiscordListSessionsHandlerTests.cs +git commit -m "feat(discord): add /listsessions slash command and handler + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Task 3: DiscordNewSessionHandler + Command + +**Files:** +- Create: `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionHandler.cs` +- Create: `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs` +- Test: `tests/GmRelay.Bot.Tests/Discord/DiscordNewSessionHandlerTests.cs` + +**Context:** Handler должен: +1. Проверить права пользователя (owner/admin/manager). +2. Upsert игрока (GM) в `players` с `platform = 'Discord'`. +3. Upsert `game_groups` с `platform = 'Discord'`, `external_group_id = guild_id`. +4. Создать batch + sessions. +5. Отправить rendered schedule в Discord channel. +6. Сохранить `platform_messages` reference. + +### Step 3.1: Write the failing test + +Create `tests/GmRelay.Bot.Tests/Discord/DiscordNewSessionHandlerTests.cs`: + +```csharp +using GmRelay.DiscordBot.Features.Sessions; + +namespace GmRelay.Bot.Tests.Discord; + +public sealed class DiscordNewSessionHandlerTests +{ + [Fact] + public void ParseTimeInput_ShouldParseDiscordDateFormat() + { + var result = DiscordNewSessionHandler.ParseTimeInput("2026-05-20 19:30"); + Assert.True(result.IsSuccess); + Assert.Equal(2026, result.Value.Year); + Assert.Equal(5, result.Value.Month); + Assert.Equal(20, result.Value.Day); + Assert.Equal(19, result.Value.Hour); + Assert.Equal(30, result.Value.Minute); + } + + [Fact] + public void ParseTimeInput_ShouldRejectPastDate() + { + var result = DiscordNewSessionHandler.ParseTimeInput("2020-01-01 00:00"); + Assert.False(result.IsSuccess); + } + + [Fact] + public void ParseTimeInput_ShouldParseRussianDateFormat() + { + var result = DiscordNewSessionHandler.ParseTimeInput("20.05.2026 19:30"); + Assert.True(result.IsSuccess); + Assert.Equal(2026, result.Value.Year); + Assert.Equal(5, result.Value.Month); + Assert.Equal(20, result.Value.Day); + } + + [Fact] + public void ParseTimeInput_ShouldRejectInvalidFormat() + { + var result = DiscordNewSessionHandler.ParseTimeInput("not-a-date"); + Assert.False(result.IsSuccess); + Assert.NotNull(result.Error); + } +} +``` + +### Step 3.2: Run test — verify RED + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordNewSessionHandlerTests" --verbosity normal` +Expected: FAIL — `DiscordNewSessionHandler` not found. + +### Step 3.3: Write minimal implementation + +Create `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionHandler.cs`: + +```csharp +using Dapper; +using GmRelay.DiscordBot.Infrastructure.Discord; +using GmRelay.Shared.Domain; +using GmRelay.Shared.Platform; +using GmRelay.Shared.Rendering; +using Npgsql; + +namespace GmRelay.DiscordBot.Features.Sessions; + +public sealed record TimeParseResult(bool IsSuccess, DateTimeOffset Value, string? Error); + +public sealed class DiscordNewSessionHandler( + NpgsqlDataSource dataSource, + DiscordPermissionChecker permissionChecker, + IPlatformMessenger messenger, + ILogger logger) +{ + public static TimeParseResult ParseTimeInput(string input) + { + if (DateTimeOffset.TryParseExact( + input.Trim(), + "yyyy-MM-dd HH:mm", + System.Globalization.CultureInfo.InvariantCulture, + System.Globalization.DateTimeStyles.AssumeUniversal, + out var result)) + { + if (result < DateTimeOffset.UtcNow) + return new TimeParseResult(false, default, "Дата находится в прошлом."); + + return new TimeParseResult(true, result.ToUniversalTime(), null); + } + + if (DateTimeOffset.TryParseExact( + input.Trim(), + "dd.MM.yyyy HH:mm", + System.Globalization.CultureInfo.InvariantCulture, + System.Globalization.DateTimeStyles.AssumeUniversal, + out var altResult)) + { + if (altResult < DateTimeOffset.UtcNow) + return new TimeParseResult(false, default, "Дата находится в прошлом."); + + return new TimeParseResult(true, altResult.ToUniversalTime(), null); + } + + return new TimeParseResult(false, default, "Некорректный формат даты. Используйте YYYY-MM-DD HH:mm или DD.MM.YYYY HH:mm"); + } + + public async Task HandleAsync( + string guildId, + string channelId, + ulong userId, + string userDisplayName, + IEnumerable userRoles, + ulong guildOwnerId, + string title, + DateTimeOffset scheduledAt, + int? maxPlayers, + string? joinLink, + CancellationToken cancellationToken) + { + await using var connection = await dataSource.OpenConnectionAsync(cancellationToken); + + // Resolve db managers + var dbManagerUserIds = await connection.QueryAsync( + @"SELECT CAST(p.external_user_id AS BIGINT) + FROM group_managers gm + JOIN players p ON p.id = gm.player_id + JOIN game_groups g ON g.id = gm.group_id + WHERE g.platform = 'Discord' AND g.external_group_id = @GuildId", + new { GuildId = guildId }); + + if (!permissionChecker.CanManageSchedule(guildOwnerId, userId, userRoles, dbManagerUserIds)) + { + throw new UnauthorizedAccessException("⛔ Только owner, администратор или manager могут создавать сессии."); + } + + await using var transaction = await connection.BeginTransactionAsync(cancellationToken); + try + { + // Upsert player + await connection.ExecuteAsync( + @"INSERT INTO players (display_name, platform, external_user_id, external_username) + VALUES (@Name, 'Discord', @UserId, @Name) + ON CONFLICT (platform, external_user_id) + WHERE platform IS NOT NULL AND external_user_id IS NOT NULL + DO UPDATE SET display_name = EXCLUDED.display_name, + external_username = EXCLUDED.external_username", + new { Name = userDisplayName, UserId = userId.ToString() }, + transaction); + + // Upsert group + var groupId = await connection.ExecuteScalarAsync( + @"INSERT INTO game_groups (name, platform, external_group_id, external_channel_id) + VALUES (@GuildId, 'Discord', @GuildId, @ChannelId) + ON CONFLICT (platform, external_group_id) + WHERE platform IS NOT NULL AND external_group_id IS NOT NULL + DO UPDATE SET name = EXCLUDED.name, + external_channel_id = COALESCE(EXCLUDED.external_channel_id, game_groups.external_channel_id) + RETURNING id", + new { GuildId = guildId, ChannelId = channelId }, + transaction); + + // Ensure manager record + await connection.ExecuteAsync( + @"INSERT INTO group_managers (group_id, player_id, role) + SELECT @GroupId, p.id, @OwnerRole + FROM players p + WHERE p.platform = 'Discord' AND p.external_user_id = @UserId + ON CONFLICT (group_id, player_id) DO NOTHING", + new { GroupId = groupId, UserId = userId.ToString(), OwnerRole = GroupManagerRoleExtensions.OwnerValue }, + transaction); + + // Create batch + session + var batchId = Guid.NewGuid(); + var sessionId = await connection.ExecuteScalarAsync( + @"INSERT INTO sessions (batch_id, group_id, title, join_link, scheduled_at, status, max_players) + VALUES (@BatchId, @GroupId, @Title, @Link, @ScheduledAt, @Status, @MaxPlayers) + RETURNING id", + new + { + BatchId = batchId, + GroupId = groupId, + Title = title, + Link = joinLink ?? string.Empty, + ScheduledAt = scheduledAt.UtcDateTime, + Status = SessionStatus.Planned, + MaxPlayers = maxPlayers + }, + transaction); + + await transaction.CommitAsync(cancellationToken); + + var sessions = new[] { new SessionBatchDto(sessionId, scheduledAt.UtcDateTime, SessionStatus.Planned, maxPlayers, joinLink ?? string.Empty) }; + var view = SessionBatchViewBuilder.Build(title, sessions, Array.Empty()); + + await messenger.SendScheduleAsync( + new PlatformScheduleMessage( + new PlatformGroup(PlatformKind.Discord, guildId, guildId, channelId), + view, + null), + cancellationToken); + + return view; + } + catch + { + await transaction.RollbackAsync(cancellationToken); + throw; + } + } +} +``` + +Create `src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs`: + +```csharp +using NetCord.Rest; +using NetCord.Services.ApplicationCommands; + +namespace GmRelay.DiscordBot.Features.Sessions; + +[SlashCommand("newsession", "Create a new game session")] +public class DiscordNewSessionCommand : SlashCommandModule +{ + private readonly DiscordNewSessionHandler _handler; + + public DiscordNewSessionCommand(DiscordNewSessionHandler handler) + { + _handler = handler; + } + + [SlashCommandOption("title", "Game title", Required = true)] + public string Title { get; set; } = string.Empty; + + [SlashCommandOption("time", "Session time (YYYY-MM-DD HH:mm or DD.MM.YYYY HH:mm)", Required = true)] + public string Time { get; set; } = string.Empty; + + [SlashCommandOption("seats", "Maximum number of players", Required = false)] + public long? Seats { get; set; } + + [SlashCommandOption("link", "Join link", Required = false)] + public string? Link { get; set; } + + public override async Task ExecuteAsync() + { + var guild = Context.Guild + ?? throw new InvalidOperationException("This command can only be used in a guild."); + + var timeResult = DiscordNewSessionHandler.ParseTimeInput(Time); + if (!timeResult.IsSuccess) + { + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message($"❌ {timeResult.Error}")); + return; + } + + try + { + var view = await _handler.HandleAsync( + guildId: guild.Id.ToString(), + channelId: Context.Channel.Id.ToString(), + userId: Context.User.Id, + userDisplayName: Context.User.GlobalName ?? Context.User.Username, + userRoles: Context.GuildUser!.RoleIds, + guildOwnerId: guild.OwnerId, + title: Title, + scheduledAt: timeResult.Value, + maxPlayers: Seats is null ? null : (int)Seats.Value, + joinLink: Link, + Context.CancellationToken); + + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message("✅ Сессия создана!")); + } + catch (UnauthorizedAccessException ex) + { + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message($"⛅ {ex.Message}")); + } + catch (Exception ex) + { + await Context.Interaction.SendResponseAsync( + InteractionCallback.Message("💥 Произошла ошибка при создании сессии.")); + } + } +} +``` + +### Step 3.4: Run test — verify GREEN + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordNewSessionHandlerTests" --verbosity normal` +Expected: PASS. + +### Step 3.5: Commit + +```bash +git add src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionHandler.cs src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs tests/GmRelay.Bot.Tests/Discord/DiscordNewSessionHandlerTests.cs +git commit -m "feat(discord): add /newsession slash command and handler + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Task 4: DiscordPlatformMessenger + +**Files:** +- Create: `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPlatformMessenger.cs` +- Test: `tests/GmRelay.Bot.Tests/Discord/DiscordPlatformMessengerTests.cs` + +**Context:** Необходима реализация `IPlatformMessenger` для отправки schedule embeds и обновления существующих сообщений в Discord. Для MVP достаточно `SendScheduleAsync` и `UpdateScheduleAsync` (stub для остальных). + +### Step 4.1: Write the failing test + +Create `tests/GmRelay.Bot.Tests/Discord/DiscordPlatformMessengerTests.cs`: + +```csharp +using GmRelay.DiscordBot.Infrastructure.Discord; +using GmRelay.Shared.Platform; +using GmRelay.Shared.Rendering; + +namespace GmRelay.Bot.Tests.Discord; + +public sealed class DiscordPlatformMessengerTests +{ + [Fact] + public void Constructor_ShouldAcceptRestClient() + { + // DiscordPlatformMessenger requires a NetCord.Rest.RestClient. + // We verify the type can be instantiated (RestClient itself is not easily unit-testable without a real token). + // This test proves the contract exists and compiles. + var constructor = typeof(DiscordPlatformMessenger).GetConstructor(new[] { typeof(NetCord.Rest.RestClient) }); + Assert.NotNull(constructor); + } + + [Fact] + public void DiscordPlatformMessenger_ShouldImplementIPlatformMessenger() + { + Assert.True(typeof(IPlatformMessenger).IsAssignableFrom(typeof(DiscordPlatformMessenger))); + } +} +``` + +### Step 4.2: Run test — verify RED + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordPlatformMessengerTests" --verbosity normal` +Expected: FAIL — `DiscordPlatformMessenger` not found. + +### Step 4.3: Write minimal implementation + +Create `src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPlatformMessenger.cs`: + +```csharp +using GmRelay.DiscordBot.Rendering; +using GmRelay.Shared.Platform; +using GmRelay.Shared.Rendering; +using NetCord; +using NetCord.Rest; + +namespace GmRelay.DiscordBot.Infrastructure.Discord; + +public sealed class DiscordPlatformMessenger(RestClient restClient) : IPlatformMessenger +{ + public async Task SendScheduleAsync(PlatformScheduleMessage message, CancellationToken ct) + { + var (embeds, actionRows) = DiscordSessionBatchRenderer.Render(message.View); + + var channelId = ulong.Parse(message.Group.ExternalChannelId + ?? message.Group.ExternalGroupId); + + var msg = await restClient.SendMessageAsync( + channelId, + new MessageProperties() + .WithEmbeds(embeds) + .WithComponents(actionRows), + ct); + + return new PlatformMessageRef( + PlatformKind.Discord, + message.Group.ExternalGroupId, + null, + msg.Id.ToString()); + } + + public async Task UpdateScheduleAsync(PlatformScheduleMessage message, CancellationToken ct) + { + if (message.ExistingMessage is null) + return; + + var (embeds, actionRows) = DiscordSessionBatchRenderer.Render(message.View); + + var channelId = ulong.Parse(message.Group.ExternalChannelId + ?? message.Group.ExternalGroupId); + var messageId = ulong.Parse(message.ExistingMessage.ExternalMessageId); + + await restClient.ModifyMessageAsync( + channelId, + messageId, + new MessageProperties() + .WithEmbeds(embeds) + .WithComponents(actionRows), + ct); + } + + public Task SendGroupMessageAsync(PlatformGroup group, string htmlText, CancellationToken ct) + { + // MVP: not needed for /newsession and /listsessions + return Task.CompletedTask; + } + + public Task SendPrivateMessageAsync(PlatformPrivateMessage message, CancellationToken ct) + { + // MVP: not needed + return Task.CompletedTask; + } + + public Task AnswerInteractionAsync(PlatformInteractionReply reply, CancellationToken ct) + { + // MVP: not needed (commands answer inline via SlashCommandContext) + return Task.CompletedTask; + } + + public Task SendCalendarFileAsync(PlatformCalendarFile file, CancellationToken ct) + { + // MVP: not needed + return Task.CompletedTask; + } +} +``` + +### Step 4.4: Run test — verify GREEN + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordPlatformMessengerTests" --verbosity normal` +Expected: PASS. + +### Step 4.5: Commit + +```bash +git add src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPlatformMessenger.cs tests/GmRelay.Bot.Tests/Discord/DiscordPlatformMessengerTests.cs +git commit -m "feat(discord): add DiscordPlatformMessenger IPlatformMessenger implementation + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Task 5: Wire up DI and Register Commands + +**Files:** +- Modify: `src/GmRelay.DiscordBot/Program.cs` + +### Step 5.1: Write the failing test (structure test) + +Modify `tests/GmRelay.Bot.Tests/Discord/DiscordStartupTests.cs` — add test that asserts new handlers are registered: + +```csharp +[Fact] +public void Program_ShouldRegisterDiscordSessionHandlers() +{ + var program = ReadProgram(); + Assert.Contains("DiscordListSessionsHandler", program); + Assert.Contains("DiscordNewSessionHandler", program); + Assert.Contains("DiscordPermissionChecker", program); + Assert.Contains("DiscordPlatformMessenger", program); + Assert.Contains("IPlatformMessenger", program); +} +``` + +### Step 5.2: Run test — verify RED + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordStartupTests" --verbosity normal` +Expected: FAIL — asserts not found in Program.cs. + +### Step 5.3: Write minimal implementation + +Modify `src/GmRelay.DiscordBot/Program.cs`: + +```csharp +using GmRelay.DiscordBot.Features.Sessions; +using GmRelay.DiscordBot.Infrastructure.Discord; +using GmRelay.Shared.Platform; + +// ... existing usings ... + +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); + +// After host.Build(): +host.AddSlashCommand("listsessions", "Show upcoming game sessions", async (DiscordListSessionsHandler handler, SlashCommandContext context) => +{ + // NetCord module-based approach preferred; if AddSlashCommand lambda doesn't support DI injection of custom services, + // rely on module classes registered via AddApplicationCommands +}); +``` + +**Important:** NetCord module classes (`DiscordListSessionsCommand`, `DiscordNewSessionCommand`) автоматически регистрируются через `AddApplicationCommands()` + `AddGatewayHandlers(typeof(Program).Assembly)`. Constructor injection в модулях работает через DI контейнер. Никаких дополнительных `AddSlashCommand` для модулей не требуется. + +Убедиться, что в Program.cs есть: +```csharp +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); +builder.Services.AddSingleton(); +``` + +### Step 5.4: Run test — verify GREEN + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~DiscordStartupTests" --verbosity normal` +Expected: PASS. + +### Step 5.5: Commit + +```bash +git add src/GmRelay.DiscordBot/Program.cs tests/GmRelay.Bot.Tests/Discord/DiscordStartupTests.cs +git commit -m "feat(discord): wire up DI registrations for session handlers and messenger + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Task 6: Build Verification + +### Step 6.1: Build DiscordBot project + +Run: `dotnet build src/GmRelay.DiscordBot/GmRelay.DiscordBot.csproj --no-restore` +Expected: Build succeeds (0 errors, 0 warnings). + +### Step 6.2: Run all tests + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --verbosity normal` +Expected: All tests pass. + +### Step 6.3: Commit if any fixes needed + +If build or tests required fixes, commit them. + +--- + +## Task 7: Version Bump + +**Files to modify:** +- `Directory.Build.props`: `2.4.0` +- `compose.yaml`: обновить теги `gmrelay-bot`, `gmrelay-web`, `gmrelay-discord-bot` → `2.4.0` +- `.gitea/workflows/deploy.yml`: `VERSION: 2.4.0` +- `src/GmRelay.Web/Components/Layout/NavMenu.razor`: `
v2.4.0
` + +### Step 7.1: Bump version + +Apply изменения ко всем 4 файлам. + +### Step 7.2: Update version test + +Modify `tests/GmRelay.Bot.Tests/Discord/DiscordProjectStructureTests.cs` — обновить `Version_ShouldBeSynchronizedForDiscordFeatureRelease` ожидаемое значение на `2.4.0`. + +### Step 7.3: Run version test + +Run: `dotnet test tests/GmRelay.Bot.Tests/GmRelay.Bot.Tests.csproj --filter "FullyQualifiedName~Version_ShouldBeSynchronizedForDiscordFeatureRelease" --verbosity normal` +Expected: PASS. + +### Step 7.4: Commit + +```bash +git add Directory.Build.props compose.yaml .gitea/workflows/deploy.yml src/GmRelay.Web/Components/Layout/NavMenu.razor tests/GmRelay.Bot.Tests/Discord/DiscordProjectStructureTests.cs +git commit -m "chore: bump version to 2.4.0 + +Synchronized across Directory.Build.props, compose.yaml, deploy.yml, NavMenu.razor + +Co-Authored-By: Claude Opus 4.7 " +``` + +--- + +## Spec Coverage Self-Review + +| Issue Requirement | Task | +|---|---| +| Slash command `/newsession` | Task 3 | +| Slash command `/listsessions` | Task 2 | +| Сохранение platform group identity (guild/channel) | Task 3 (game_groups.platform, external_group_id, external_channel_id) | +| Минимальная проверка прав | Task 1 + Task 3 | +| Данные пишутся в общую PostgreSQL без Telegram-only assumptions | Task 2, 3 SQL используют platform-agnostic колонки | +| `/listsessions` публикует/обновляет расписание | Task 2 + Task 4 | + +**Placeholder scan:** Нет TBD, TODO, "implement later". Каждый шаг содержит конкретный код. + +**Type consistency:** `DiscordPermissionChecker.CanManageSchedule` перегружен для resolved permissions (ulong bitflag). Handler передает `Context.GuildUser.RoleIds` и `guild.OwnerId`. + +--- + +## Execution Handoff + +**Plan complete and saved to `docs/superpowers/plans/2026-05-19-discord-newsession-listsessions.md`.** + +**Two execution options:** + +1. **Subagent-Driven (recommended)** — I dispatch a fresh subagent per task, review between tasks, fast iteration +2. **Inline Execution** — Execute tasks in this session using executing-plans, batch execution with checkpoints for review + +**Which approach?** diff --git a/src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs b/src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs index ca31b63..4736090 100644 --- a/src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs +++ b/src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionCommand.cs @@ -7,10 +7,12 @@ namespace GmRelay.DiscordBot.Features.Sessions; public class DiscordNewSessionCommand : ApplicationCommandModule { private readonly DiscordNewSessionHandler _handler; + private readonly ILogger _logger; - public DiscordNewSessionCommand(DiscordNewSessionHandler handler) + public DiscordNewSessionCommand(DiscordNewSessionHandler handler, ILogger logger) { _handler = handler; + _logger = logger; } public async Task ExecuteAsync( @@ -26,10 +28,12 @@ public class DiscordNewSessionCommand : ApplicationCommandModule(), // NetCord alpha.489: GuildUser not exposed on SlashCommandContext + resolvedPermissions: resolvedPermissions, guildOwnerId: guild.OwnerId, title: title, scheduledAt: timeResult.Value, @@ -46,17 +50,33 @@ public class DiscordNewSessionCommand : ApplicationCommandModule userRoles, + ulong resolvedPermissions, ulong guildOwnerId, string title, DateTimeOffset scheduledAt, @@ -69,7 +69,7 @@ public sealed class DiscordNewSessionHandler( WHERE g.platform = 'Discord' AND g.external_group_id = @GuildId", new { GuildId = guildId }); - if (!permissionChecker.CanManageSchedule(guildOwnerId, userId, userRoles, dbManagerUserIds)) + if (!permissionChecker.CanManageSchedule(guildOwnerId, userId, dbManagerUserIds, resolvedPermissions)) { throw new UnauthorizedAccessException("⛔ Только owner, администратор или manager могут создавать сессии."); } diff --git a/src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs b/src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs index d9b745b..ad62c77 100644 --- a/src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs +++ b/src/GmRelay.DiscordBot/Infrastructure/Discord/DiscordPermissionChecker.cs @@ -7,19 +7,8 @@ public sealed class DiscordPermissionChecker public bool CanManageSchedule( ulong guildOwnerId, ulong userId, - IEnumerable userRoles, - IEnumerable dbManagerUserIds) - { - if (userId == guildOwnerId) - return true; - - if (dbManagerUserIds.Contains(userId)) - return true; - - return false; - } - - public bool CanManageSchedule(ulong guildOwnerId, ulong userId, IEnumerable dbManagerUserIds, ulong resolvedPermissions) + IEnumerable dbManagerUserIds, + ulong resolvedPermissions) { if (userId == guildOwnerId) return true; @@ -30,3 +19,4 @@ public sealed class DiscordPermissionChecker return (resolvedPermissions & AdministratorPermission) == AdministratorPermission; } } + diff --git a/tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs b/tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs index 64815fa..6df82fb 100644 --- a/tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs +++ b/tests/GmRelay.Bot.Tests/Discord/DiscordPermissionCheckerTests.cs @@ -11,8 +11,8 @@ public sealed class DiscordPermissionCheckerTests var result = checker.CanManageSchedule( guildOwnerId: 123456789ul, userId: 123456789ul, - userRoles: Array.Empty(), - dbManagerUserIds: Array.Empty()); + dbManagerUserIds: Array.Empty(), + resolvedPermissions: 0); Assert.True(result); } @@ -38,8 +38,8 @@ public sealed class DiscordPermissionCheckerTests var result = checker.CanManageSchedule( guildOwnerId: 123456789ul, userId: managerId, - userRoles: Array.Empty(), - dbManagerUserIds: new[] { managerId }); + dbManagerUserIds: new[] { managerId }, + resolvedPermissions: 0); Assert.True(result); } @@ -51,8 +51,21 @@ public sealed class DiscordPermissionCheckerTests var result = checker.CanManageSchedule( guildOwnerId: 123456789ul, userId: 111ul, - userRoles: Array.Empty(), - dbManagerUserIds: new[] { 222ul }); + dbManagerUserIds: new[] { 222ul }, + resolvedPermissions: 0); + + Assert.False(result); + } + + [Fact] + public void CanManageSchedule_WhenUserHasOtherPermissionButNotAdmin_ReturnsFalse() + { + var checker = new DiscordPermissionChecker(); + var result = checker.CanManageSchedule( + guildOwnerId: 123456789ul, + userId: 111ul, + dbManagerUserIds: Array.Empty(), + resolvedPermissions: 0x4); // ManageServer, not Administrator Assert.False(result); }